Privacy Policy

Last updated: 18 March 2026

1. Who we are

Niels Ltd. ("we", "us", "our") operates castlytics.app and provides a podcast advertising attribution platform (the "Service"). Questions: privacy@castlytics.app.

2. What data we collect and why

Account data

When you sign up we collect your name and email address to create and manage your account and send transactional emails (password resets, billing receipts).

Usage & campaign data

We store the campaigns, tracking links, conversion events, and analytics data you create inside Castlytics, used solely to provide the Service to you.

Listener tracking data

When a listener clicks a campaign short-link we record an anonymised event (timestamp, campaign ID, approximate region from IP, browser type). We do not store raw IP addresses beyond a single request.

Website analytics (Google Analytics 4)

With your consent we use GA4 to collect anonymised data about how visitors navigate castlytics.app. IP addresses are anonymised. GA cookies are only set after you click "Accept all" in our cookie banner.

Advertising & conversion tracking (Google Ads)

With your consent we use Google Ads (tag AW-18008525436) to measure whether visitors who clicked a Castlytics ad subsequently signed up or upgraded. This sets cookies (_gcl_au, _gac_*) used solely for conversion measurement. We do not use these for remarketing or audience targeting.

Payment data

Payments are processed by Stripe, Inc. We never store card numbers or bank details.

3. Cookies

Cookie	Purpose	Duration	Consent
next-auth.session-token	Keeps you logged in	Session / 30 days	No — strictly necessary
cookie_consent	Stores your cookie preference	1 year (localStorage)	No — strictly necessary
_ga, _ga_*	Google Analytics page-view measurement	2 years	Yes — analytics
_gcl_au, _gac_*	Google Ads conversion measurement	90 days	Yes — advertising

You can withdraw analytics consent at any time by clearing your browser cookies or local storage.

4. Legal basis for processing (GDPR)

Contract performance — processing your account and campaign data to deliver the Service.
Legitimate interests — preventing fraud and maintaining security.
Consent — analytics cookies (Google Analytics 4) and advertising cookies (Google Ads). Withdrawable at any time.
Legal obligation — retaining billing records as required by law.

5. Data sharing and third parties

We do not sell, rent, or trade your personal data. Sub-processors:

Stripe, Inc. — payment processing (USA, SCCs)
Google LLC — analytics (Google Analytics 4) and conversion tracking (Google Ads) (USA, Data Privacy Framework)
Vercel, Inc. — hosting & edge network (USA, SCCs)
Neon Technologies — database hosting (EU region)

6. Data retention

Account data is retained while your account is active. After deletion, personal data is removed within 30 days (billing records kept 7 years as required by law). Anonymised analytics data may be retained indefinitely.

7. Your rights (GDPR / UK GDPR)

Access — request a copy of your data.
Rectification — correct inaccurate data.
Erasure — right to be forgotten.
Restriction — pause processing.
Portability — receive data in machine-readable format.
Objection — object to legitimate-interest processing.
Withdraw consent — for analytics cookies, at any time.

Email privacy@castlytics.app to exercise any right. We respond within 30 days.

8. Children

Castlytics is not directed at children under 16. Contact us if you believe a child has provided data and we will delete it promptly.

9. Changes to this policy

We update the "Last updated" date on changes. For material changes we notify you by email or in-app notice. Continued use constitutes acceptance.

10. Contact

Niels Ltd. (trading as Castlytics)
Company number: 17092935
Registered in England & Wales
34 Woollerton Crescent, Wendover, HP22 6HT, UK
Email: privacy@castlytics.app